CVSS: 4.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

A vulnerability in the web UI input field of GateManager allows an authenticated attacker to enter script tags that could cause XSS. This issue affects GateManager, all versions prior to 9.3. • https://www.secomea.com/support/cybersecurity-advisory • CWE-20: Improper Input Validation; CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

In GateManager versions prior to 9.2c, the affected product uses a weak hash type, which may allow an attacker to view user passwords. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error; CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

In GateManager versions prior to 9.2c, the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-193: Off-by-one Error

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

In Secomea GateManager, all versions prior to 9.2c, an attacker can send a negative value and overwrite arbitrary data. • https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01 • CWE-158: Improper Neutralization of Null Byte or NUL Character; CWE-476: NULL Pointer Dereference